PullPreview #155
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: PullPreview | |
| on: | |
| schedule: | |
| - cron: "30 */6 * * *" | |
| pull_request: | |
| types: | |
| - opened | |
| - reopened | |
| - synchronize | |
| - closed | |
| - labeled | |
| - unlabeled | |
| permissions: | |
| contents: read | |
| pull-requests: write | |
| jobs: | |
| deploy: | |
| if: github.event_name == 'schedule' || github.event.label.name == 'pullpreview' || contains(github.event.pull_request.labels.*.name, 'pullpreview') | |
| runs-on: ubuntu-latest | |
| timeout-minutes: 60 | |
| steps: | |
| - uses: actions/checkout@v6 | |
| - id: auth_label_change | |
| if: github.event_name == 'pull_request' | |
| shell: bash | |
| run: | | |
| set -euo pipefail | |
| action="$(jq -r '.action // ""' "$GITHUB_EVENT_PATH")" | |
| label="$(jq -r '.label.name // ""' "$GITHUB_EVENT_PATH")" | |
| has_pullpreview="$(jq -r '[.pull_request.labels[]?.name] | index("pullpreview") != null' "$GITHUB_EVENT_PATH")" | |
| auth_label_changed=false | |
| if [[ "$has_pullpreview" == "true" && ( "$action" == "labeled" || "$action" == "unlabeled" ) ]]; then | |
| case "$label" in | |
| auth-sso-external|auth-sso-nextcloud|auth-oauth2) | |
| auth_label_changed=true | |
| ;; | |
| esac | |
| fi | |
| { | |
| echo "changed=${auth_label_changed}" | |
| if [[ "$auth_label_changed" == "true" ]]; then | |
| echo "force_action=up" | |
| else | |
| echo "force_action=" | |
| fi | |
| } >> "$GITHUB_OUTPUT" | |
| - name: Recreate preview before auth-mode change | |
| if: steps.auth_label_change.outputs.changed == 'true' | |
| uses: pullpreview/action@65df5209b58f360444525f1167f9e14803521fed | |
| with: | |
| provider: hetzner | |
| label: pullpreview | |
| force_action: down | |
| deployment_target: helm | |
| env: | |
| HCLOUD_TOKEN: ${{ secrets.HCLOUD_TOKEN }} | |
| HETZNER_CA_KEY: ${{ secrets.HETZNER_CA_KEY }} | |
| - id: pullpreview | |
| uses: pullpreview/action@65df5209b58f360444525f1167f9e14803521fed | |
| with: | |
| provider: hetzner | |
| label: pullpreview | |
| force_action: ${{ steps.auth_label_change.outputs.force_action }} | |
| region: fsn1 | |
| image: ubuntu-24.04 | |
| instance_type: cpx42 | |
| dns: my.preview.run | |
| max_domain_length: "40" | |
| deployment_target: helm | |
| chart: ./charts/pullpreview-stack | |
| chart_values: pullpreview/stack-values.yaml.gotmpl | |
| proxy_tls: traefik:80 | |
| proxy_tls_hosts: nextcloud.{{ pullpreview_public_dns }},keycloak.{{ pullpreview_public_dns }} | |
| ttl: 72h | |
| env: | |
| HCLOUD_TOKEN: ${{ secrets.HCLOUD_TOKEN }} | |
| HETZNER_CA_KEY: ${{ secrets.HETZNER_CA_KEY }} | |
| OPENPROJECT_ENTERPRISE_TOKEN: ${{ secrets.OPENPROJECT_ENTERPRISE_TOKEN }} | |
| - name: Add secondary URLs to job summary | |
| if: steps.pullpreview.outputs.live == 'true' | |
| shell: bash | |
| run: | | |
| set -euo pipefail | |
| preview_url="${{ steps.pullpreview.outputs.url }}" | |
| preview_host="${preview_url#https://}" | |
| preview_host="${preview_host#http://}" | |
| preview_host="${preview_host%%/*}" | |
| preview_host="${preview_host%%:*}" | |
| { | |
| echo "" | |
| echo "### Preview endpoints" | |
| echo "" | |
| echo "- Main FQDN: https://${preview_host}" | |
| echo "- Nextcloud: https://nextcloud.${preview_host}" | |
| echo "- Keycloak: https://keycloak.${preview_host}/realms/opnc" | |
| } >> "${GITHUB_STEP_SUMMARY}" | |
| - name: Validate preview URLs | |
| if: steps.pullpreview.outputs.live == 'true' | |
| shell: bash | |
| run: | | |
| set -euo pipefail | |
| preview_url="${{ steps.pullpreview.outputs.url }}" | |
| preview_host="${preview_url#https://}" | |
| preview_host="${preview_host#http://}" | |
| preview_host="${preview_host%%/*}" | |
| preview_host="${preview_host%%:*}" | |
| check_url() { | |
| local name="$1" | |
| local url="$2" | |
| local expected_status="$3" | |
| local attempt | |
| local attempts=3 | |
| local status="" | |
| local curl_exit=0 | |
| for attempt in $(seq 1 "${attempts}"); do | |
| set +e | |
| status="$( | |
| /usr/bin/curl -skS -o /dev/null \ | |
| --connect-timeout 10 \ | |
| --write-out '%{http_code}' \ | |
| "$url" 2>/dev/null | |
| )" | |
| curl_exit=$? | |
| set -e | |
| if [[ "${curl_exit}" -eq 0 ]]; then | |
| echo "${name}: ${url} -> ${status} (attempt ${attempt}/${attempts})" | |
| if [[ "${status}" == "${expected_status}" ]]; then | |
| return 0 | |
| fi | |
| else | |
| status="curl-exit-${curl_exit}" | |
| echo "${name}: ${url} -> ${status} (attempt ${attempt}/${attempts})" | |
| fi | |
| if [[ "${attempt}" -lt "${attempts}" ]]; then | |
| sleep 5 | |
| fi | |
| done | |
| echo "::error::${name} endpoint was not ready: ${url} expected HTTP ${expected_status}, last result ${status}" | |
| return 1 | |
| } | |
| check_url "Main root" "https://${preview_host}/" "302" | |
| check_url "Main login" "https://${preview_host}/login" "200" | |
| check_url "Nextcloud" "https://nextcloud.${preview_host}/status.php" "200" | |
| check_url "Keycloak" "https://keycloak.${preview_host}/realms/opnc" "200" |